|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41202 crypt function returns different hashes in PHP4/PHP5
Submitted: 2007-04-26 13:46 UTC Modified: 2007-04-26 15:04 UTC
From: nickmc33 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.2.1 OS: Windows Server 2003 x64 Edition
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
39 - 22 = ?
Subscribe to this entry?

 [2007-04-26 13:46 UTC] nickmc33 at hotmail dot com
I'm finding that the crypt function produces different hashes on PHP4 and PHP5 systems when the second character of the salt is an underscore.

Reproduce code:
print crypt("password","x_")."<br />";
print crypt("password","xx");

Expected result:
The hashes generated should always be the same.

Actual result:
Using the test code above the first hash will be different when ran using PHP 5.2.1 and PHP 4.4.4, but the second hash will always be the same.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-26 13:53 UTC] nickmc33 at hotmail dot com
Test results:




 [2007-04-26 14:38 UTC]
PHP5.2 on windows returns the same result as on PHP5 & PHP4 on Linux.
So there was a problem in PHP4 on windows which eventually got fixed.
 [2007-04-26 14:55 UTC] nickmc33 at hotmail dot com
Bogus? I'd imagine that this bug still exists in the latest version of PHP4 as there's no mention of a fix in subsequent updates. The bugged version of PHP that we're runnign isn't really that old (4.4.4). We're going to have to be careful when upgrading now.
 [2007-04-26 14:56 UTC] nickmc33 at hotmail dot com
Reopened for comment.
 [2007-04-26 14:57 UTC] daveyfelton at hotmail dot com
Why on earth has this bug been marked as bogus!? Of course it's a bug! This is going to cause us so many problems when we upgrade from PHP 4 to 5, becuase all the user passwords we have stored with one way encryption based on crypt won't work anymore!
 [2007-04-26 15:04 UTC]
>This is going to cause us so many problems when we upgrade from 
>PHP 4 to 5

I said the crypt function has been FIXED.
Now it returns the same result as on Linux.
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Aug 26 09:01:26 2019 UTC